Storage Security: Protecting SANs, NAS and DAS

Storage Security: Protecting SANs, NAS and DAS epub

by Scott Blaul,John Chirillo



ISBN: 0764516884

ISBN13: 978-0764516887

Author: Scott Blaul,John Chirillo

Category: Technology

Subcategory: Certification

Language: English

Publisher: Wiley; 1 edition (January 1, 2003)

Pages: 408 pages

ePUB book: 1976 kb

FB2 book: 1578 kb

Rating: 4.9

Votes: 773

Other Formats: lrf docx azw mbr





Citation: John Chirillo and Scott Blaul, Storage Security: Protecting SANs, NAS, and DAS, 2003.

If storage security is your responsibility, you simply cannot afford to be without their advice. From the Publisher: Here is the ultimate storage security handbook from the nation's top security expert, renowned Hack Attacks author John Chirillo. To create a detailed blueprint for protecting vital storage systems, John and coauthor Scott Blaul analyze SANs, DAS, and NAS in detail.


Storage security is also covered by Chirillo, John et al.; in this article they also cover designing secure storage. Chirillo, John, and Scott Blaul. Storage Security: Protecting SANs, NAS and DAS. John Wiley & Sons, Inc., 2002. SAN and NAS: Complementary Technologies.




There are various threats in distributed storage systems, but there is no comprehensive category. Chirillo, John, and Scott Blaul. Storage Security. Wiley (2002).

The book, written by John Chirillo, a security and analysis consultant, and Scott Blaul, a specialist in a range of computer support services, contains plenty of nitty-gritty information aimed at IT professionals involved in the day-to-day administrative and technical aspects of storage systems. But a lot of the content is also suitable for people in middle and upper management positions, such as CIOs or CEOs of smaller businesses.

* Storage Security: Protecting SANs, NAS and DAS, John Chirillo, Scott Blaul, Wiley, 2002
* Securing Storage: A Practical Guide to SAN and NAS Security, Himanshu Dwivedi, Addison-Wesley Professional, 2005
* Implementing CIFS: The Common Internet File System, Christopher Hertel, Prentice Hall PTR, 2003
* WebDAV: Next-Generation Collaborative Web Authoring, Lisa Dusseault, Prentice Hall PTR, 2003

* Storage systems are back-up data centers for vital information and a reliable second line of defense in the event a network is brought down
* Security experts Chirillo and Blaul navigate the challenges of secure storage networks in this invaluable how-to book
* Presents a standard set of secure policies and applications
* Analyzes the strengths and weaknesses of SAN, NAS, and DAS systems, detailing security concerns and considerations
* Discusses how to implement and architect more secure storage systems, focusing on breaches, redundancy, and security strategies
* Takes into consideration protection against internal intruders and tests those plans via vulnerability and penetration testing

Securing storage sub-systems is an important but omitted task. Will this text help you to do what is necessary to secure your storage fabrics? On my third read, the answer remains elusive. Important parts that should be part of a standard decision protocol are missing. Will the text help you to understand security as a general topic? Certainly; the text attempts to apply CISSP concepts to the storage security topic.

In Chapter 1, trade articles cite storage pundits on the typical security grind, with a few small customer comments. All neglect in some form the fact that administrative error is the number one risk to availability, and by ISO17799, a security threat. Security is proactive rather than reverse engineered. The listing of security domains is certainly useful as a template for consideration.

Chapter 2 (DAS) discusses at length issues of data protection (RAID), discussion of interface technologies and a useful CISS matrix that is then applied to each interface. Rather than offer mitigation strategies for each interface, security resorts to the traditional CISSP analysis approach, classify, use standards, and build a plan, etc. when people really need situational case studies and risk mitigation. (Certainly, it remains important to do the analysis, but that is part of a CISSP text.)

Chapter 3 (NAS) begins with discussion of the NAS technology and their reasons for values supporting their security evaluation criteria. I found no serious discussion of the relationship of NAS to the outside world (Windows and UNIX) and the risks that this creates (need for authentication, etc.) In addition, one would expect a discussion of NFS flavors, CIFS and active directory, but this too was absent. One nit was a "weakness: NAS may not be good for databases," which with the new locking mechanisms is becoming more popular (although I personally still have a hard time with the idea.) Some protocols discussed are no longer in use. It includes a passable discussion on NASD and key management.

Chapter 4 (SAN), as with the others, begins with a discussion of technologies in the broad sense of the storage fabric, including iSCSI and FC, followed by a SAN security matrix. The discussion of "Manageability" and "Access Control Management", including techniques by title and model, remains as definitions without an interpretation within the technology; e.g. the Bell-LaPadula Model includes mandatory access control by determining access rights from different security levels, and discretionary access control by cross-referencing access rights from a matrix. How do we create the matrix in SAN terms, develop security levels, and determine access control rights? When is it appropriate to use this model? There is very little discussion of authentication other than user or administrator rights; techniques were in existence at the time of publication.

I could continue, but my findings remain that this is a book about security, not storage security. It has a lot of potential if the models are given life with real-life interpretation.

What does "Information Security" mean to you? To many, it means firewalls and encryption. To some, it means intrusion detection systems. Chances are the words "file servers" weren't high on your list, but they probably should be. After all, "information security" is about information, and when it's not flying across the network it's got to be stored somewhere, right? In fact, the security of the storage mechanism is often overlooked, which makes it an attractive target for attackers. In their new book, Storage Security, Chirillo and Blaul take a comprehensive look at this often-ignored subject.
Storage Security is not about turning on the right configuration options on your XYZ brand server appliance. It's about applying solid, methodical security practices to your storage systems, regardless of whether they are disks directly attached to a single computer, Network Attached Storage or part of a Storage Area Network. The authors address the full security cycle, too, starting with evaluating the security of proposed new storage solutions. Comparative data in hand, the book shows you how to narrow the field to a single solution that offers the best balance between functionality and security. And once the system is selected, you can't stop there. You've got to decide upon appropriate security policies for the new storage system, draft and implement a backup and restore plan, deal with disaster recovery and take care of a host of other issues. In short, this is a good guide to an entire range of considerations necessary to select, deploy and manage a secure storage solution.
The book's evaluation methodology is particularly valuable. Each type of storage (direct attach, NAS and SAN) is covered in a chapter of its own. Within each chapter, the authors address specific technologies used to implement that type of storage. For example, the direct attach chapter discusses such common storage technologies as SCSI and IDE, moderately exotic systems like USB and Firewire drives, and some more advanced solutions like HiPPI and SSA. Each technology is then placed in a matrix and scored in 11 different categories, including popularity and industry acceptance, built-in data protection features, typical fault tolerance and physical security characteristics. The authors assign each rating on a scale of 1 (poor) to 5 (the best). This gives a good general indication of how each technology measures up, but they tend to rely on a straight average of the ratings when determining the "best" technology. Although it's true that the average allows you to make a quick ballpark comparison, there are many other factors to consider as well, such as the suitability for your particular environment and the way in which your users need to access their data. The matrixes are quite useful, but just remember that you can't always boil things down to a simple numerical score.
Probably the biggest problem with this book is that it's pretty dry. As a reference book, the writing style is fine, since it's easy to find what you're looking for and the chapters are concise. It's difficult to read from cover to cover, though, which is a shame because that's what you should probably do the first time through. Take it in small doses, a chapter or so at a time, and you should be fine.
Storage Security is about just what you'd think: the security of your data as it's being stored on your server(s). It's not a detailed look at the configuration of any one product, but rather a comprehensive, theory-based approach to managing the security of your storage subsystem from evaluation to purchase to daily operations. If you manage a small or mid-size network, you may not need this book. If you have a larger network, though, or have significant data storage needs, this deserves a space on your shelf.

Storage networking and security are two different subject matters that really have been treated as such. I read about SANs and NASs being vulnerable with overlooked security. Since this is one of the industry's missing links, I've been waiting for a new book that includes the "whole enchilada", and Storage Security is just that.
Don't be fooled by this book's outline. This book is stuffed with goodies from technology to implementation. Not only do the authors cover SAN, NAS and DAS security, you'll also find data availability, protection, backup and recovery. Also, among a few step-by-step case studies you'll come across a very useful iSCSI model. Even better, this book includes excellent design and selection criteria and goes so far as building a testing and monitoring program using (my favorite VS) Nessus.
I would have liked to see more modeling, but the technology and business criteria make up for it. Well done.

As a Project Manager for an IT company, I found this book to be interesting and compelling. It touches on many of the issues that are facing today's IT managers with its discussion of SANs, NAS and DAS. The book offers explanations and histories of the technologies without insulting the intelligence of knowledgeable readers.
As stated in another review, the case studies are most helpful and give real world examples. John and Scott do a fine job of creating realistic scenarios and discuss the solutions in a positive way. Any reader will be able to relate in some way to the examples.
One of the features that I enjoyed was the "Security Thoughts" spread throughout the book. They make interesting points and give the reader some real food for thought.
Good job Scott and John! I look forward to your next book.